|
msg
|
the MSG part of the message
(aka "the message" ;))
|
|
rawmsg
|
the message excactly as it was received from the socket.
Should be useful for debugging.
|
|
hostname
|
hostname from the message
|
|
source
|
alias for HOSTNAME
|
|
fromhost
|
hostname of the system the message was received from (in a
relay chain, this is the system immediately in front of us and not
necessarily
the original sender). This is a DNS-resolved name, except if that
is not possible or DNS resolution has been disabled.
|
|
fromhost-ip
|
The same as fromhost, but alsways as an IP address. Local
inputs (like imklog) use 127.0.0.1 in this property.
|
|
syslogtag
|
TAG from the message
|
|
programname
|
the "static" part of the tag, as defined by BSD
syslogd. For example, when TAG is "named[12345]", programname is
"named".
|
|
pri
|
PRI part of the message - undecoded (single value)
|
|
pri-text
|
the PRI part of the message in a textual form with the
numerical PRI appended in brackes (e.g. "local0.err<133>")
|
|
iut
|
the monitorware InfoUnitType - used when talking to a
MonitorWare backend (also for phpLogCon)
|
|
syslogfacility
|
the facility from the message - in numerical form
|
|
syslogfacility-text
|
the facility from the message - in text form
|
|
syslogseverity
|
severity from the message - in numerical form
|
|
syslogseverity-text
|
severity from the message - in text form
|
|
syslogpriority
|
an alias for syslogseverity - included for historical reasons
(be careful: it still is the severity, not PRI!)
|
|
syslogpriority-text
|
an alias for syslogseverity-text
|
|
timegenerated
|
timestamp when the message was RECEIVED. Always in high
resolution
|
|
timereported
|
timestamp from the message. Resolution depends on what was
provided in the message (in most cases, only seconds)
|
|
timestamp
|
alias for timereported
|
|
protocol-version
|
The contents of the PROTCOL-VERSION field from IETF draft
draft-ietf-syslog-protcol
|
|
structured-data
|
The contents of the STRUCTURED-DATA field from IETF draft
draft-ietf-syslog-protocol
|
|
app-name
|
The contents of the APP-NAME field from IETF draft
draft-ietf-syslog-protocol
|
|
procid
|
The contents of the PROCID field from IETF draft
draft-ietf-syslog-protocol
|
|
msgid
|
The contents of the MSGID field from IETF draft
draft-ietf-syslog-protocol
|
|
inputname
|
The name of the input module that generated the message (e.g.
"imuxsock", "imudp"). Note that not all modules
necessarily provide
this property. If not provided, it is an empty string.
Also note that the input module may provide any value of its liking. Most
importantly,
it is not necessarily the module input name. Internal sources
can also provide inputnames. Currently, "rsyslogd" is defined as
inputname for
messages internally generated by rsyslogd, for example startup
and shutdown and error messages. This property is considered useful when
tr
ying to filter messages based on where they originated - e.g. locally
generated messages ("rsyslogd", "imuxsock",
"imklog") should go to a different
place than messages generated
somewhere.
|
|
$bom
|
The UTF-8 encoded Unicode byte-order mask (BOM). This may be
useful in templates for RFC5424 support, when the character set is know to be
Unicode.
|
|
$now
|
The current date stamp in the format YYYY-MM-DD
|
|
$year
|
The current year (4-digit)
|
|
$month
|
The current month (2-digit)
|
|
$day
|
The current day of the month (2-digit)
|
|
$hour
|
The current hour in military (24 hour) time (2-digit)
|
|
$hhour
|
The current half hour we are in. From minute 0 to 29, this is
always 0 while from 30 to 59 it is always 1.
|
|
$qhour
|
The current quarter hour we are in. Much like $HHOUR, but
values range from 0 to 3 (for the four quater hours that are in each hour)
|
|
$minute
|
The current minute (2-digit)
|
|
$myhostname
|
The name of the current host as it knows itself (probably
useful for filtering in a generic way)
|
